8

When using a variable to rewrite & proxy to an internal Openshift service within an nginx container's proxy_pass config, NGINX can't resolve the service's DNS due to a required resolver. For instance:

location /api/ {
   set $pass_url http://service.namespace.svc:8080$request_uri;
   proxy_pass  $pass_url;
}

When using standard Kubernetes, I can use kube-dns.kube-system.svc.cluster.localas the resolver:

resolver kube-dns.kube-system.svc.cluster.local;

But Openshift doesn't provide this. I've tried using the IP that is in the container's /etc/resolv.conf, which is just one of the nodes in my cluster that is running the DNS server, but it still can't resolve.

Weirdest part is nslookup service.namespace.svc from inside the container terminal uses the nameserver in /etc/resolv.conf and it works fine.

Is there an equivalent to the Kubernetes DNS hostname in Openshift I could use, or perhaps another solution to work around this?

ev0lution37
  • 1,129
  • 2
  • 14
  • 28

3 Answers3

3

Running ngnix in OpenShift 4.7 I was able to work around this issue by adding

resolver dns-default.openshift-dns.svc.cluster.local

to the server configuration. Apparently, ngnix is not parsing /etc/resolv.conf, but (in my case), dns-default.openshift-dns.svc.cluster.local also resolves to 172.30.0.10, which was defined as a nameserver in /etc/resolv.conf.

Max
  • 1,000
  • 1
  • 11
  • 25
1

In Openshift cluster there is SkyDNS service on each master node. It normally listens on port 8053. Just use them as the resolver for nginx config and you will be fine:

resolver your-openshift-master-node1-ip:8053 your-openshift-master-node2-ip:8053;
3cham
  • 11
  • 1
-2

From https://docs.openshift.com/container-platform/3.11/architecture/networking/networking.html#architecture-additional-concepts-openshift-dns, it looks like the following should work

<service>.<pod_namespace>.svc.cluster.local
Will Gordon
  • 3,303
  • 2
  • 11
  • 22